Controlling access to computing resources and data is of major importance in today's digital security environment. Without sufficient security measures to restrict access to authorized entities, sensitive data and resources can be compromised beyond recovery. Thus, a recognized need exists for strong authentication mechanisms to control access to vulnerable computing domains. However, implementation of many currently available strong authentication mechanisms requires expensive and complex security system deployments, thus deterring implementation by many entities that could benefit from stronger authentication.
For example, Public Key Infrastructure (PKI) represents a set of standards for creating, storing, and managing a symmetric keys that can be used for authentication. Though PKI provides strong authentication, security consumer adoption of PKI has been limited due to the significant expense and complexity of PKI deployment. Therefore, security consumers have been traditionally required to choose between weak single factor authentication, e.g., username/password only, or stronger authentication, e.g., PKI, involving complex and expensive deployments. Consequently, a need exists for an authentication mechanism that is stronger than single factor and does not require the complex and expensive deployment of PKI.
Cards that communicate under a system defined protocol (e.g., the Java™ Card Enterprise Software (JCES)), are commonly designed as secure repositories of applications and data. Privileged operations such as loading new applications, updating secured data and changing a user's pin requires the establishment of a mutually authenticated secure connection with an agent in possession of the card's master key. This is referred to as a secure channel, as defined in the Global Platform specification. For more information, reference may be made to GlobalPlatform.org, and articles published by the Global Platform organization.
Managing master keys is a very sensitive proposition, and in most deployments requires a Hardware Security Module (HSM) and Public Key Infrastructure (PKI), involving a great deal of complexity and expense. As such, support for non-privileged operations requiring the master key are denied. Consequently, entry level systems that only have non-secured channels cannot take advantage of the added security provided by 2-Factor authentication (i.e., Factor 1: something you have; Factor 2: something you know). One minimum functionality needed for an entry level card is to allow users to reset their pin, in case they forget the pin. Unfortunately, resetting the pin is a privileged operation that requires a master key, so as to avoid non-trusted servers from resetting the pin, and thus sacrificing the security provided by the 2-Factor authentication.
In view of the foregoing, there is a need for methods that will enable resetting of a pin for a card in a secure way that enables authentication of the server that is asked to reset the pin. The methods should allow for this security over a non-secured channel, so as to make entry level cards more practical for base level operation.